smb_copymsgmem() fix:

Did not clear/set convenience pointers (e.g. msg.subj), so they would point to the source message hfield_dat buffers which may be freed or garbage. Apparently nothing that used smb_copymsgmem() used the convenience pointers (before now), so it hasn't been a problem before now. <shrug> It became a problem becaue I'm going to use this function in js_put_msg_header to fix a problem where the underlying smbmsg_t representation is not current even after MsgBase.put_msg_header() is used.

smb_copymsgmem() fix:
3debb32c · rswindell · 75417a26 · 3debb32c
Commit 3debb32c authored 6 years ago by rswindell
--- a/src/smblib/smblib.c
+++ b/src/smblib/smblib.c
@@ -1129,6 +1129,7 @@ int SMBCALL smb_copymsgmem(smb_t* smb, smbmsg_t* msg, smbmsg_t* srcmsg)
 	int i;

 	memcpy(msg,srcmsg,sizeof(smbmsg_t));
+	clear_convenience_ptrs(msg);

 	/* data field types/lengths */
 	if(msg->hdr.total_dfields>0) {
@@ -1172,6 +1173,7 @@ int SMBCALL smb_copymsgmem(smb_t* smb, smbmsg_t* msg, smbmsg_t* srcmsg)
 			}
 			memset(msg->hfield_dat[i],0,msg->hfield[i].length+1);
 			memcpy(msg->hfield_dat[i],srcmsg->hfield_dat[i],msg->hfield[i].length);
+			set_convenience_ptr(msg, msg->hfield[i].type, msg->hfield_dat[i]);
 		}
 	}